Uploaded image for project: 'Build'
  1. Build
  2. BUILD-1150

Disable Renovate PRs for libraries that need to stay in sync with others

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Neutral
    • None
    • None
    • None
    • None

    Description

      We keep running into the discussion of whether we should perform some upgrades, such as: https://git.magnolia-cms.com/projects/BUILD/repos/boms/pull-requests/1293/overview

      Let's instead go with the following policy:

      1. if a security vulnerability requires it, we will allow a library pair to become out of sync. For instance: H2 normally should be in sync with version in JR, which we'll do 99% of the time, but if the particular H2 version is vulnerable, then we will temporarily bump it
      2. otherwise, let's just plain disable Renovate PRs for those library. They are essentially noise.

      Checklists

        Acceptance criteria

        Attachments

          Activity

            People

              mmichel Maxime Michel
              mmichel Maxime Michel
              Foundation
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Checklists

                  Task DoR